Cloud Foundry Gets Another Security Layer
A runtime security tool released this week by Aqua Security allows users of Pivotal’s Cloud Foundry platform to scan container-based and cloud native applications from development through production workloads.
The partners said Tuesday (July 30) the security service can be used to automatically scan applications or container artifacts for known vulnerabilities and malware. Scans can be performed directly from continuous integration/continuous delivery workflows.
The goal is to prevent those vulnerabilities from being deployed in production workloads. The security tool identifies and blocks suspicious application or container artifacts based on pre-configured security assurance policies. Those policies are used to check for authorization credentials, so-called “common vulnerabilities and exposures” as well as the presence of malware.
With Cloud Foundry users pushing code faster to production, “application security checks must be accessible within the deployment pipeline in order to scale safety and compliance,” said Angus MacDonald, Pivotal’s general manager for technology ecosystem.
The partners said the addition of Aqua’s runtime security tool would help automate those controls.
The runtime security tools install on Cloud Foundry as a “Buildpack” that includes languages, runtimes, libraries and services used by the app. The runtime protection feature is implemented as an add-on, securing all Pivotal apps without the need for manual intervention or redeployments for other applications.
As Cloud Foundry users proceed with application rollouts, “they are now looking to protect their production-grade applications as well,” said Upesh Patel, Aqua Security’s vice president of business development.
The Israel-based security specialist, which has offices in Boston, focuses on security for application containers, serverless deployments and cloud native applications running across a range of infrastructure. The company claims its approach adds a layer of security designed to detect and block unapproved changes to production workloads. Applications are monitored via customized policies and app network connections are visible, allowing system administrators to apply firewall rules that allow authorized connections.
Pivotal’s application platform includes a distribution of a Cloud Foundry application runtime that allows users to roll out an application platform either on public clouds, on-premises or as part of a hybrid deployment.
Pivotal added that compliance checks on its Cloud Foundry edition can be tuned to spot security risks, implementing regulatory compliance requirements such as GDPR and the Health Insurance Portability and Accountability Act.
The addition of the runtime tool aims to integrate security features directly into the application development process to catch potential threats as early as possible. In that way, Aqua said, developers can reduce their “attack surface.”
Among the reasons threats are expanding is the rise of insider attacks. According to a data security survey released last week, 70 percent of companies polled said they are seeing more insider attacks.